
788    Appendix • Self Test Appendix


              A. The URL for a browser session is carried in the HTTP header, specifically in the request
                 line at the start of the HTTP request inside the TCP payload. Since this exploit uses a
                 malformed URL, the NIDS must reassemble the TCP stream, extract the HTTP request from the
                 incoming packets, and parse the URL before it can recognize the attack.
              B, C, D. Answer B is incorrect because the TCP header carries ports, sequence numbers and
                 flags, not the URL, so it is of no use in identifying this attack. Answer C is incorrect
                 because the scenario does not state that the exploit uses XML. Answer D is incorrect because
                 the exploit does not use HTTPS; HTTPS content is encrypted and unreadable to the IDS unless
                 TLS is terminated in front of it.
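The inspection step described in answer A, as an added example that is not from the book: a small NIDS-style check that takes an already reassembled TCP payload, extracts the HTTP request line, and flags a malformed URL. The payloads, the findings names and the 2048-byte length limit are constructed assumptions for illustration; the last sample shows why an HTTPS (TLS) payload yields nothing to parse.

```python
"""Added example, not from the book: extract the HTTP request line from a
reassembled TCP payload and flag malformed URLs, NIDS style."""
import re
from urllib.parse import unquote

# Assumption: a NIDS would hand us the reassembled TCP stream; we start there.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)\r\n")
METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
MAX_URL_LEN = 2048  # assumed policy limit for this example

# Constructed sample payloads (not captured traffic).
SAMPLE_PAYLOADS = {
    "benign": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "traversal": b"GET /cgi-bin/..%2f..%2fetc%2fpasswd HTTP/1.0\r\nHost: x\r\n\r\n",
    "double-encoded": b"GET /..%252f..%252fetc/passwd HTTP/1.1\r\nHost: x\r\n\r\n",
    "null-byte": b"GET /index.html%00.jpg HTTP/1.1\r\nHost: x\r\n\r\n",
    "overlong": b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\nHost: x\r\n\r\n",
    # First bytes of a TLS record (handshake, version 3.1): nothing for HTTP parsing.
    "tls": bytes.fromhex("160301002a010000260303") + b"\x00" * 20,
}


def extract_request_line(payload: bytes):
    """Return (method, url, version) from a plaintext HTTP request, else None."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None
    method = m.group(1).decode("ascii")
    if method not in METHODS:
        return None
    url = m.group(2).decode("latin-1")  # raw bytes preserved one-to-one
    version = "%s.%s" % (m.group(3).decode(), m.group(4).decode())
    return method, url, version


def url_findings(url: str) -> list:
    """Apply simple malformed-URL checks to the raw request-target."""
    findings = []
    if len(url) > MAX_URL_LEN:
        findings.append("overlong-url")
    # Decode twice so double-encoded sequences such as %252e are normalized too.
    decoded = unquote(unquote(url))
    if "../" in decoded or "..\\" in decoded:
        findings.append("directory-traversal")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        findings.append("control-char")
    if "%00" in url.lower() or "\x00" in decoded:
        findings.append("null-byte")
    return findings


def inspect(payload: bytes) -> dict:
    """Classify one payload: is it parseable HTTP, and what does the URL trigger?"""
    parsed = extract_request_line(payload)
    if parsed is None:
        return {"http": False, "findings": []}
    method, url, version = parsed
    return {"http": True, "method": method, "url": url,
            "version": version, "findings": url_findings(url)}


def scan_all(payloads=SAMPLE_PAYLOADS) -> dict:
    """Run inspect() over every sample; returns name -> findings list."""
    return {name: inspect(data)["findings"] for name, data in payloads.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        print("%-15s %s" % (name, findings or "clean / not HTTP"))
```

The checks run on the decoded request-target so that percent-encoded and double-encoded variants of the same traversal are caught; a real sensor would also normalize path segments and decode UTF-8 before matching, and would need the stream reassembly this example assumes has already happened.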

              3.  You are performing a routine penetration test for the company you work for. As part of this
                  test, you wardial all company extensions searching for modems. The test results indicate that
                  one of the company extensions has a modem answering where there should not be one. You track
                  this down and find that a user has installed their own modem so they can connect to an online
                  service. What should you do?
                   A. Nothing, this is not a threat.
                   B. Remove the modem.
                   C. Disconnect the extension.
                   D. Notify the user's supervisor.
              D. Answer D is the best choice. It allows disciplinary action to be taken against the user if
                  necessary. In addition, it allows the matter to be addressed as a business need if the online
                  service is truly necessary, so that the security risk of the unauthorized dial-in path can be
                  properly managed.
              A, B, C. Answer A is incorrect because any point of access into a corporate system should be
                  considered a vulnerability. Answer B is incorrect because while this could solve the problem
                  temporarily, the user could simply do the same thing again later. Answer C is incorrect
                  because while this would fix the problem, it would also prevent the user from performing
                  their job functions.


              4.  Your company has a mobile sales force which uses PDAs for entering orders while on the road.
                  The application used for these orders requires an ID and password to log in. What else should
                  be done to ensure that these orders are kept confidential when being sent to the host server?
                   A. Encrypt the data stored on the mobile device.
                   B. Encrypt the communication channel between the mobile device and the host server.
                   C. Require an X.509 certificate in addition to the ID and password required to authenticate.
                   D. Encrypt the data stored on the host server.
              B. This is the only answer which covers the requirement of maintaining the confidentiality of
                  the data during its actual transmission.
              A, C, D. Answer A is incorrect because encrypting the data stored on the device does not protect
                  it while it is being transferred. Answer C is incorrect because while it does provide stronger
                  authentication, it does not by itself maintain data confidentiality during transmission.
                  Answer D is incorrect because encrypting the data stored on the host server does not protect
                  it during transfer.








          www.syngress.com